If you have an apple and I have an apple and we exchange these apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas.
-- George Bernard Shaw

Until some time back, the computer world was like each of us having one apple. Then the wise men of the industry built networks. Ideas started flowing all over, and soon the internet arrived. The internet has been the best thing to happen to the computer world so far. It has created a platform where we can share our ideas.

Since the Internet is a large network composed of smaller networks, it made sense to break the address space into smaller chunks. Network classes enable us to break down this address space. In IPv4 the various classes of networks are:

Class A networks have an address range between 1.0.0.1 to 126.255.255.254 and support 16 million hosts on each of 127 networks.

Class B networks have an address range between 128.1.0.1 to 191.255.255.254 and support 65,000 hosts on each of 16,000 networks.

Class C networks have an address range between 192.0.1.1 to 223.255.254.254 and support 254 hosts on each of 2 million networks.

Class D networks have an address range between 224.0.0.0 to 239.255.255.255 and are reserved for multicast groups.

Class E networks have an address range between 240.0.0.0 to 254.255.255.254 and are reserved for the future.

Such a system keeps things simple and networks manageable. However, the networks cannot communicate with each other. The scenario is very similar to how communities grew around the world. With time, people from different communities needed to communicate with each other, but language was the barrier. The solution they found was people who understand both languages, i.e. translators. So if you need to talk to a beautiful French girl, all you need to do is get somebody who understands French and can translate English to French and vice versa. Routers/gateways do the same in computer networks. Different networks communicate with each other using routers.

A router allows hosts that are not on the same logical network, like an IP subnet, to communicate with each other. The router receives packets (chunks of data) on an interface and routes them to where they need to go based on a routing table; the table tells the router where a given logical network is located.

Most offices and homes have small class C private networks. These networks need to communicate with servers on the internet. The only logical way for them to do so is to use a gateway/router. Linux has routing functionality in the kernel itself, which makes it an ideal choice for a routing box.

One simple way of sharing an internet connection using Linux is to use the IP forwarding feature of the kernel together with network address translation (NAT). For NAT one can use either ipchains or iptables. It is assumed that the private network is in the 192.168.1.0-255 range.

Let us take the example of a simple network. The server is used to connect to the internet. Its IP address is 192.168.1.1. There are 4 workstations, 192.168.1.2-5. They are connected to the server via the switch. All the workstations share the internet through 192.168.1.1.

The first step is to enable IP forwarding in the kernel of the server (192.168.1.1).

    $ vi /etc/sysctl.conf

Change the line

    net.ipv4.ip_forward = 0

to

    net.ipv4.ip_forward = 1

This enables IP forwarding.

Then we need to get the server to NAT, which can be done via ipchains or iptables.

If ipchains is used, create a file called rc.fw and add the following lines:

    $ vi /etc/rc.d/init.d/rc.fw

    #!/bin/bash
    # First load the ipchains kernel module. Required only if ipchains is
    # compiled as a module. modprobe loads it; a separate insmod is not needed.
    /sbin/modprobe ipchains
    # MASQ the full 192.168.1.0/24 network
    /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
    # List the rules
    /sbin/ipchains -L -n

If iptables is used instead of ipchains, create a file called rc.fw and add the following lines:

    $ vi /etc/rc.d/init.d/rc.fw

    #!/bin/bash
    # First load the iptables kernel module. Required only if iptables is
    # compiled as a module. The module is named ip_tables.
    /sbin/modprobe ip_tables
    # MASQ the full network
    /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
    # List the rules (the MASQUERADE rule lives in the nat table)
    /sbin/iptables -t nat -L -n

This handles all data traffic from the local network to the internet.

Finally, add this to the startup:

    $ vi /etc/rc.local

Add the line

    /etc/rc.d/init.d/rc.fw

This ensures that the settings are retained after a reboot.

After rebooting, the server will do all the routing functions for the entire network.

On the client side, all that is required is to set the default router/gateway to the server's IP, i.e. 192.168.1.1. The entire network is now set to share the internet connection.

Amarjyoti Krishnan heads bobcares.com, a tech support company for webhosts and ISPs. He is the co-founder of Poornam Info Vision Ltd., a software and IT services company which specializes in Linux based solutions for Webhosts and ISPs. Poornam Info Vision is an ISO 9001:2000 certified company with a team of over 100 engineers.

Amarjyoti is a Computer Engineer based in India and has over 7 years of experience in the hosting industry. He has spoken and written extensively on the subject. His articles have been published both online as well as in print in magazines.
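The iptables rule in rc.fw matches every packet on every interface, and once IP forwarding is on, a FORWARD policy of ACCEPT lets the server route in any direction. The following added example (not the author's code) audits a ruleset in iptables-save format for those two conditions and prints a scoped alternative. The interface names eth0 (internet side) and eth1 (LAN side) are assumptions, as is the ACCEPT policy in the constructed sample; the article states neither.

```shell
#!/bin/sh
# Added example. WAN_IF/LAN_IF are assumed names; LAN_NET is the article's subnet.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Constructed iptables-save rendering of the article's rc.fw (one catch-all rule).
article_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Scoped alternative: NAT only LAN traffic leaving the WAN interface; forward only
# LAN-originated packets and their replies. Loading it with
# "scoped_ruleset | /sbin/iptables-restore" replaces the current nat and filter rules.
scoped_ruleset() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s $LAN_NET -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin, print one line per finding, return 1 if any were found.
audit_ruleset() {
awk '
  /^\*/ { table = substr($0, 2) }
  table == "filter" && /^:FORWARD ACCEPT/ { print "FORWARD policy ACCEPT: host routes between all interfaces"; n++ }
  table == "nat" && /-j MASQUERADE/ {
    if ($0 !~ / -o /) { print "MASQUERADE has no -o <wan-if>: " $0; n++ }
    if ($0 !~ / -s /) { print "MASQUERADE has no -s <lan-net>: " $0; n++ }
  }
  END { exit (n > 0) }'
}

article_ruleset | audit_ruleset || true
scoped_ruleset | audit_ruleset && echo "scoped ruleset: no findings"
```

On a live server, `iptables-save | audit_ruleset` runs the same check against the loaded rules.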